Bringing the less Tech-savvy up to Speed...
In this new era of mostly internet communication and lots of things requiring contact and stuff over the internet... it is party time for malicious actors who will take the opportunity to take advantage of the confusion and chaos (and the relative lax security of home networks and users) to get some nice goodies that were previously hiding behind more secure corporate networks... now, you might think that you are just an ordinary internet user... with little of interest to anyone... however, that isn't the case. Everyone has a use... even if it is as a stepping stone to a more interesting account!
My wife is pretty technology illterate... I have made her use password managers and two factor authorisations over her constant grumbling about how annoying it is and how it really screws everything up! Of course, I can only tell her that the password managers are doing what she tells it to do... and that you need to READ the question that it asks you!
So, the next couple of days are going to be a crash course of bringing her up to speed on how to create new accounts with decent passwords and all the rest of that (she already had them, but I normally did it for her).
Case in point.... her yoga class has now moved online... but she never used her online yoga account (tracking payments and lesson times and stuff like that)... so, she never realised that she had changed and saved several different username/password combinations for the account... the funniest of which I saw was this password! For reference, that is NOT the obscured password... that was one of the password options... which she must have cut and pasted from the obscured password field!
Sigh... I'm hoping that I can do this relatively quickly... and painlessly... if I don't report in, it isn't likely that Coronavirus got me... but my wife killing me after I say something stupid!
Funny stuff aside... be safe on the internet these days, I think that we are going to really see more people try their hand at internet naughty stuff... Password manager, 2FA (Google Authenticator, symmetric secret shared, so you need to write this down)... if you don't know how to do it, try it on an account that you don't care about if you accidentally lock yourself temporarily out of.
Account banner by jimramones
Yeah... I've got to learn about all this stuff. I have no idea what I'm doing! And I'm pretty sure we don't have enough security on our home stuff. I would be forever thankful if you would post a series of short tutorials! And please tell your wife not to hurt you. We need you. Ha ha. :-)
Haha... I will see if I can manage a tutorial or two. I had written something for Binance, but I don't know if they have published it yet or not... and I don't own it anymore (they have the rights now!).
Hm not sure whether trying to teach adults who will not be told otherwise why they need this stuff is easier or harder than kids XD though I guess I had the advantage of school of hard knocks as my daughter and her friend had a few accounts cracked because they were sharing an account (and friend decided to share the password with other friends) and also they were using the lousiest passwords. I'm slowly gearing up to teach them about password managers and I'm hoping they'll surprise me but I feel like it might be too much hard work to bother with XD
So just getting it straight, that screenshot is not an obscured password but literally a bunch of dots?
Ha ha... Yep, it isn't the obscured password... It was the password! I guess she must have copied what was on the screen...
I noticed that the school has some 'interesting' and methodical ways of allocating account names and passwords for online resources... I was showing my girl the pattern and asked if it would be fun to guess her friend's combos! She has more moral fortitude than curiosity...
Bringing back a few reminders would definitely be a good idea, I just shot myself in the foot with Google 2FA, setting up again since for the life of me who knows where I kept details in 2015....
Give the wifey a break, we all juggling more than 3 balls at once. Oh yeah have a great day!
Haha... yes, I will give her a bit of a break... even if it is for mere self-preservation of my own life!
I always advise the copying of the 2FA shared code (and the one time access codes) offline... with two devices doing the key generation. One is configured with the QR code (definitely right) and is the daily usage. The back-up is configured with the human readable code and used as the first verification, so that you know for certain that the shared key is correct. I had written something for this for Binance, I'm not sure if it is published yet...
Yup I saved it, the big question is where! I keep everything out of habit, moved cob-webs around and still coming up with nothing at all. Have now requested exchange to cancel so that I can set up again.... Oh I found QR code for everywhere except the main one I need, shit for luck!
Congrats! on your upvotes from the IBT Community on Hive
2FA is an absolute must for me anymore, too. I'd like to see Steem and Hive go that route, but at least the keys there are strong. As for passwords, I've been using Keeppass for as long as I can remember. There are others that integrate better with browsers, but I really like this one. I've got three secure copies just in case one gets lost on destroyed hardware, too.
I wonder if the 2FA is a good idea for a decentralised network. With the centralised actors, you can always try to reclaim a locked-out account... not so with decetralised network, and people constantly lose their shared key or never even back it up!
Keepass is a great one... I use a different one as I need the ease of integration for my wife who would kill me if there was even more added difficulty!
The private keys on STEEM/HIVE are strong... but that is a double edged sword. For the less security minded, it means that the keys are going to be backed up or stored in a insecure, online or encrypted manner. Like in the browser password storage or an email...